import { requireUser } from "../../utils/auth";
import {
  PROTECTION_TYPES,
  upsertDeviceProtectionState,
  type ProtectionType,
} from "../../db/device-protection";

/**
 * POST /api/devices/protection-state
 *
 * Body: {
 *   deviceId: string,
 *   platform: string,
 *   protectionType: 'nefilter' | 'vpn' | 'dns',
 *   active: boolean,
 *   reason?: string,
 *   source?: string
 * }
 *
 * Reports the per-device protection state from a client.
 */
export default defineEventHandler(async (event) => {
  const user = await requireUser(event);
  const body = await readBody(event);

  const {
    deviceId,
    platform,
    protectionType,
    active,
    reason,
    source,
  } = body as {
    deviceId?: string;
    platform?: string;
    protectionType?: string;
    active?: boolean;
    reason?: string;
    source?: string;
  };

  if (!deviceId) {
    throw createError({
      statusCode: 400,
      data: { error: "device_id_required" },
    });
  }

  if (!platform) {
    throw createError({
      statusCode: 400,
      data: { error: "platform_required" },
    });
  }

  if (!protectionType) {
    throw createError({
      statusCode: 400,
      data: { error: "protection_type_required" },
    });
  }

  if (!PROTECTION_TYPES.includes(protectionType as ProtectionType)) {
    throw createError({
      statusCode: 400,
      data: {
        error: "invalid_protection_type",
        validTypes: PROTECTION_TYPES,
      },
    });
  }

  if (typeof active !== "boolean") {
    throw createError({
      statusCode: 400,
      data: { error: "active_boolean_required" },
    });
  }

  await upsertDeviceProtectionState(
    user.id,
    deviceId,
    platform,
    protectionType as ProtectionType,
    active,
    undefined,
    reason ?? null,
    source ?? "app",
  );

  return { success: true, data: null };
});